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Risk Management Methods and Procedures 


Article 1 Risk management policies 

To implement corporate governance duties, maintain sustainable operations, and control the internal 
and external economic, social, and environmental risks that the Company faces, each department 
must act within its authority to identify and clarify risks with the potential to disrupt corporate 
operations or sustainable development. Latent risks shall be monitored and preventive measures shall 
be implemented in order to strengthen risk management, enhance systematic response capabilities, 
and achieve risk control objectives, thus maintaining shareholders’ rights and interests, raising 
competitiveness, and establishing a foundation for the Company’s sustained operations and 


development. 


Article 2 Purpose 

The Company carries out risk management when it recognizes a potential threat to operations in order 
to effectively identify and clarify risks, manage responses, monitor preventive measures, and organize 
reporting procedures. To strengthen prevention and introduce systematic strategies and management 


measures to counter risks, the Company formulated these Methods. 


Article 3 Risk management organizational framework and responsibilities 
A. Board of Directors: 
The Board of Directors is the highest unit at the Company that is responsible for risk 
management guidance. The Board’s risk management objectives include upholding 
compliance with laws and regulations as well as promoting and implementing the Company’s 
overall operational risk management goals. A clear understanding of the risks that could impact 


sustainable operations is needed for effective risk management. 


B. Operational management meetings: 
The president or operational managers convene management meetings or operational meetings 
to review, approve, and manage each departmental plan or project as well as to carry out risk 
analysis and response command. 

C. Audit units: 
An independent department affiliated with the Board of Directors that is responsible for internal 
audits, supports the Board and management in inspections and reviews to uncover deficiencies 
in internal control mechanisms, thus balancing operational results and efficiency while 
providing timely improvement recommendations. These measures ensure the continued 
implementation of internal control mechanisms and are a basis for related reviews and 


amendments. 


D. 


Responsible department: 

While carrying out everyday duties, personnel from each responsible department shall serve as 
the first line of defense in risk management. They shall analyze, monitor, and prevent risks that 
are related to their departments while ensuring that risk control mechanisms and procedures 


are effectively implemented. 


Article 4 Risk management categories 


A. 


Strategic risks: 
(a) Technological innovation and industrial trends, (b) Changing market needs, (c) Technical 
R&D process and competitive trends, (d) Policy or regulatory changes, (e) Global politics and 


economic circumstances 


Operational and management risks: 
(a) Clients and suppliers honoring agreements, (b) Protection and use of intellectual property 
rights, (c) Management of talent recruitment and development, (d) Information security, (e) 
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. Financial risks: 


(a) Exchange rates, interest rates, taxation, inflation, and other fluctuations, (b) Strategic 


investments, (c) Banking and financial management 
Harmful incident risks: 
(a) Natural disasters or climate change, (b) Water and electricity supply, (c) Communicable 


disease impacts 


Other risks: Risks not listed above that could cause major losses to the Company. 


Article 5 Risk management procedures 


A. 


The Company’s risk management includes the following: risk identification, risk measurement, 

risk monitoring, risk response, risk reports, and risk disclosure. 

(a) Risks that are within their scope of authority. 

(b) Risk measurement: After each responsible department identifies potential risks, the 
department shall formulate suitable measurement methods to serve as a basis for risk 
management. 

(c) Risk monitoring and control: Each responsible department shall monitor potential risks that 
are within their scope of business. When the degree of risk is high enough to damage the 
Company, the responsible department shall propose response strategies and report the risk 
and related response strategies in operational management meetings. 

(d) Risk response: After each responsible department evaluates and summarizes risk 


information, the department shall adopt suitable response measures, such as risk 


identification explanation, analysis reports, and implementation of response control 
proposals. 

(e) Risk reporting and disclosure: The Company shall regularly report risk conditions to the 
Board of Directors to be used as a reference when making management decisions, 


implementing risk management procedures, and assessing implementation results. 


B. Three levels of risk management and control response procedures: 

(a) Responsible department: Personnel from each responsible department shall identify 
potential risks that are within their scope of authority then carry out assessments, formulate 
response and control proposals, and issue reports. 

(b) Operational management meetings: The president or operational managers convene 
management meetings or operational meetings to implement risk analysis and response for 
operational plans or projects, as well as to carry out analysis and response command for 
each risk reported by responsible departments. 

(c) Board of Directors: Based on risk category, responsible departments shall implement risk 
management measures. All Company personnel shall engage in comprehensive risk control 
and risk prevention in order to effectively carry out risk management. Material risks that 
could impact the Company’s operations or sustainable development shall be regularly 
reported to the Board of Directors (at least once per year) by the president or operational 


managers. 


C. Audit units are responsible for monitoring responsible departments for compliance to their level 
of authority and related management methods and procedures, in order to ensure that all 


employees are sufficiently aware of risk management and effectively carry out duties. 


D. When there are uncertainties that pose a significant risk to business operations or sustainable 
development, the responsible unit shall convene related departments for examination and enlist 
external consultants when needed to evaluate risks, recommend preventive measures, and take 


actions. 


Article 6 Enforcement 
These Risk Management Methods and Procedures, and any amendments hereto, shall be implemented 


after adoption by resolution of the Board of Directors. 


